We have recently updated the vpcticonnector.jks trust store with a new certificate which extends the date of expiration. The new valid dates are from 11/21/2017 to 8/23/2022. If you are using AES Connector and secured connection, please do the following:

1. Go to the AES Connector app directory in the app server.
2. Find the vpcticonnector.jks file under the WEB-INF/lib directory, and replace it with the one attached.
3. Restart the app server.

This file can be used for all currently supported releases of Orchestration Designer.

Hi

Is there a way to check that the period has been extended after changing the jks file?

Not really, the certificate is being accessed and used internally.

I found the method.


1. Enable JTAPI DebugLog on the app server.
2. Open debug log, search "ds:X509Certificate".
3. Copy string in the <ds:X509Certificate> tag.
4. Paste string to text editor, and save as certificate file such as "after.crt".
5. Check expiration date of the certificate file.

Good finding. I didn't know it would show up in the jtapi log.

New certificate will expire at June 23rd 2022. Old one at June 24th 2018.
Certificate can be exported from store file easly using any java tool named keytool by issuing a command:

keytool -export -keystore vpcticonnector.jks -file out.crt -alias mykey
(put empty password)

Next you can view out.crt file using any PC machine.

Regards
Seb

Hello Team,

Please, could you answer a couple of questions about this update:

1- How do we check if the OD is using the AES Connector Name Licensing Certificate?
2- What error will be seen and which log we can check in order to confirm if this is indeed a license issue?
3- Will the errors appear after the certificate expires, or only after the next restart?
4- Is there anything preventing the customers to implement the update in ODs that are not using the AES Connector Name Licensing Certificate? (in other words, should they only execute the update if the OD is using the AES Connector Name Licensing Certificate?)
5- Is there a command we can execute to check if the certificate has the new date (using openssl, keytool or similar) and what response should the customer expect? <-- just noticed that this is answered in OldSeb reply above
6- Is there a file that informs the OD version?

Kind regards,

You can view the the validity of the certificate:
keytool -list -v -keystore vpcticonnector.jks
No Password (Enter)

Alias name: mykey
Creation date: Nov 21, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=VP_001
Issuer: CN=Avaya HDTG Product Root, OU=HDTG, O=Avaya Inc., C=US
Serial number: 300ee3a8749c4859
Valid from: Tue Nov 21 10:19:16 EET 2017 until: Tue Aug 23 17:29:49 EEST 2022

Thank you very much!

Team,

Any answer to the other questions?

1- How do we check if the OD is using the AES Connector Name Licensing Certificate?
2- What error will be seen and which log we can check in order to confirm if this is indeed a license issue?
3- Will the errors appear after the certificate expires, or only after the next restart?
4- Is there anything preventing the customers to implement the update in ODs that are not using the AES Connector Name Licensing Certificate? (in other words, should they only execute the update if the OD is using the AES Connector Name Licensing Certificate?)
6- Is there a file that informs the OD version?

Can you please confirm that these actions should only be taken if the customers are using CSTA-S (secured links) t-links?

Hello,

I updata the vpcticonnector.jks,but it is show the WARN.

13/07/2018 23:45:53:604 DEBUG - CTIConnectorManager.initProvider: setup named licensing.
13/07/2018 23:45:53:648 WARN - CTIConnectorManager.initProvider: problem with requestPrivileges; the version of AES may not support Namm [23;1Hed Licensing. (Exception - com.avaya.jtapi.tsapi.TsapiPlatformException: requestPrivileges failure: com.avaya.jtapi.tsapi.TsapiPlatformEE [24;1Hxception: ACS Error: 120)

Thanks fo help.

Hey guyz, can anyone tell me that how can we check the period? I mean that how would we come to know that it has extended after we've changed the jks file?

Hi ,
The existing certificate will expire at Aug 23rd 2022, where can I get the updated Certificate

All that is necessary is to do to handle this the expiry of the certificate is to follow the guidance in this PSN:
(https://download.avaya.com/css/public/documents/101080435 ), and then test to ensure that
your system is working.

Hello everyone

I've deployed aesconnector exported from AOD 8.1.2, and tried to make connection with an AES 10.1.0.1.0.7, I see the WEB/lib/vpcticonnector.jks is the same attached to this post, but still I'm having the next message on AES mvap log.

<130>Nov 29 21:33:22 aes2bt TSAPI[3769341]: -06:00 2022 924 1 com.avaya.aes | ERROR:CRITICAL:TSERVER:ClnMsg.cpp/2613 122 CLNTMSG[1]: An acsSetPrivileges() request was denied verify_ctx_2033because certificate verification failed, rc=0, error=20. loginID=AEPuser, app=Jtapi Client, sessionID=5995, ip=xx.xx.xx.115, driver=AVAYA#CMDUPLEX#CSTA-S#AES2BT

PSN020534u does not mention a fix for AES 10.1 and later releases. how can I get help with this?

regards